Protecting Sensitive Information Stored in Memory
This KB article covers how to protect sensitive information from being stored in memory. On both iOS and Android, sensitive data such as a user password, full credit card number, or username may remain in memory in clear text after it has been used. This data could be observed by reviewing a heap dump (Android) or memory dump (iOS) taken from the device.
A heap dump is a snapshot of all the objects in the Java Virtual Machine (JVM) heap at a certain point in time.
What are the Recommended Measures?
The recommended measures can be divided into active and passive measures.
The recommended active measures are as follows:
- Avoid the use of sensitive information in memory
- If holding sensitive information in memory is necessary, always use standard encryption
- Use good practices for developing for each mobile platform:
  - Sensitive data should be removed from memory when it is not in use (nullify it in memory in iOS).
  - For iOS, it is always recommended to use the keychain to store sensitive info such as user IDs, credentials, and passwords.
  - For Android, use the recommended functions/APIs/libraries for managing passwords as well.
In addition to keeping best practices while developing your app, you are advised to build and use the protections enabled by the features listed below.
- TotalData Encryption
Data encryption is the process of encoding information. Encryption transforms the original representation of the information from human-readable ‘plaintext’ into non-human readable form (known as ciphertext). Only authorized parties (which hold a private key) can decipher (decrypt) ciphertext back to plaintext in order to read/access the original information. For instructions about using TotalData encryption, see: Protect Mobile App Data Using Data Encryption.
- Blocking Frida
Frida is a dynamic instrumentation / binary instrumentation toolkit intended for developers, pen-testers, and security researchers. Official builds of Frida are provided by the Frida.re website. A custom Frida toolkit is a non-official Frida build typically used by malicious actors to compromise mobile apps, inject malicious code, and/or change the logic or behavior of a mobile app in an unintended and malicious way.
For instructions on blocking Frida in mobile apps, see How to Block Frida Instrumentation Exploits in Android & iOS apps.
- Blocking Magisk and Magisk Manager
Magisk is a “systemless” Rooting tool that is used for elevating privileges to gain system-level access (root access) to the Android OS and underlying file system. Magisk does not make changes to the Android bootloader or require flashing custom ROM. Instead, it stores modifications in the boot partition rather than modifying the real system files.
Magisk Manager is a rooting framework that provides multiple modules that enable different rooting features that exploit root access privileges in different ways.
For instructions on blocking Magisk and Magisk Manager, see How to Block Magisk & Magisk Root in Android Apps.
- Blocking Zygisk
Zygisk is a feature of Magisk that allows advanced module developers to execute code directly in any Android app’s processes before the processes run. In doing so, Zygisk is able to gain root access without sending root data, as it starts first after the system and before the app.
For instructions on blocking Zygisk and Root Hiding, see How to Detect Zygisk and Root Hiding in Android Apps.
- Blocking Jailbreak Bypass tools
Hackers combine Jailbreak tools with Jailbreak bypass tools. The first set of tools is used for achieving a Jailbreak state, while the second set of tools is used for concealing that the device is Jailbroken or to bypass Jailbreak protection/detection mechanisms in the app. For instructions on blocking Jailbreak Bypass tools, see How to Protect iOS Apps from Jailbreak Detection Bypass Tools.
- Block Memory Editing tools
Memory injection and memory editing tools are used to modify the memory of apps, which in turn can alter an app’s behavior. Memory injection is also a common game cheating method, where the running memory of a mobile game is dynamically changed while the game is running.
For instructions on how to block memory editing tools, see How to Block Memory Editing Tools & Attacks on Android & iOS.
- How to Block Magisk Manager & Malicious Magisk Modules in Android Apps
- How to Block Frida Instrumentation Exploits in Android & iOS Apps
- How to Use iOS Memory Protection to Defeat Memory Editing in iOS apps
How Can I Learn More?
The description above is designed to help you avoid having sensitive information stored in memory.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.